Forwarded from DailyCVE
🔵Vidyo clickjacking vulnerability CVE-2020-35735:
https://dailycve.com/vidyo-clickjacking-vulnerability-cve-2020-35735
Details:
Vidyo is a platform from Vidyo, USA that is used to support video conferencing.
Vidyo update 02-09-/D has a clickjacking flaw. The weakness stems from X-Frame-Options and other methods of security not being set. This weakness can be used by…
Forwarded from UNDERCODE NEWS
Japan's 5G hit directly by Corona, can it be rebuilt in 2021?
#Technologies
Forwarded from UNDERCODE NEWS
🦑 How to use sysctl to protect Linux from spoofing and SYN flooding:
This configuration will do the following:
Disable IP forwarding
Disable sending ICMP redirects
Disable accepting ICMP redirects
Enable protection against bogus error messages
What you need:
Linux OS
User with sudo privileges
🦑How to edit the sysctl config file?
Log into your Linux server or desktop and open a terminal window.
In the terminal, enter the command:
sudo nano /etc/sysctl.conf
Find the first parameter:
# net.ipv4.ip_forward = 1
Change it to:
net.ipv4.ip_forward = 0
Find the next line:
# net.ipv4.conf.all.send_redirects = 0
Change it to:
net.ipv4.conf.all.send_redirects = 0
Find the line:
# net.ipv4.conf.all.accept_redirects = 0
Change it to:
net.ipv4.conf.all.accept_redirects = 0
Add the following line below that:
net.ipv4.conf.default.accept_redirects = 0
Finally, add the following lines to the end of the file:
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
net.ipv4.netfilter.ip_conpntracktime
🦑The above settings do the following:
Enable protection against bogus error messages
Enable SYN cookies to prevent the server from dropping connections when the SYN queue is full
Increase the SYN queue size to 2048
Close connections in the SYN_RECV state earlier
Decrease the SYN_RECV timeout value to help mitigate SYN flood attacks
Save and close the file.
🦑How to reload the configuration?
You can reload the configuration with the command:
sudo sysctl -p
I found that the sysctl -p command did not load the tcp_max_syn_backlog correctly.
Only after a reboot was the value 2048 added.
So, after running the sudo sysctl -p command, enter the command:
sudo less /proc/sys/net/ipv4/tcp_max_syn_backlog
Make sure the value shown is 2048.
If the value is less, restart the server.
At this point, your Linux server should be better protected against SYN attacks and IP spoofing.
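The verification step above can be scripted for every setting rather than one. As an added example (not part of the original post), the script below audits a sysctl.conf-style file, or the running kernel via /proc/sys, against the values this tutorial sets. The function names and the sample file are constructed for the example, and the last line of the post's list is left out because its parameter name is garbled on the page.

```sh
#!/bin/sh
# Keys and values below are the ones this tutorial sets; all function names
# and the sample file are constructed for this example.
EXPECTED='net.ipv4.ip_forward=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=3'

# conf_value FILE KEY: print the last active (uncommented) value of KEY.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) last = v }
        END { if (last != "") print last }' "$1"
}

# live_value KEY: value the running kernel uses, read from /proc/sys.
live_value() { cat "/proc/sys/$(echo "$1" | tr . /)" 2>/dev/null || true; }

# audit SOURCE [FILE]: SOURCE is "file" or "live". Prints one line per
# finding and returns the number of findings (0 means fully applied).
audit() {
    findings=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        if [ "$1" = file ]; then have=$(conf_value "$2" "$key")
        else have=$(live_value "$key"); fi
        if [ -z "$have" ]; then
            echo "MISSING  $key (want $want)"; findings=$((findings + 1))
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key = $have (want $want)"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: ip_forward left commented out, backlog never raised.
sample_conf() {
    printf '%s\n' '# net.ipv4.ip_forward = 1' \
        'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.tcp_max_syn_backlog = 1024'
}
```

Running `audit file /etc/sysctl.conf` checks what was written, and `audit live` checks what the kernel actually loaded after `sudo sysctl -p`.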
Forwarded from DailyCVE
Jsonpickle code issue vulnerability | CVE
Details:
Jsonpickle is a Python-based program developed by Jsonpickle's personal creator to support Python object serialization with Json.
Release 1.4.1 and previous versions of jsonpickle provide a code problem flaw that enables remote code execution…
Forwarded from DailyCVE
🔵Egavilan Media EGM Address Book SQL injection leak:
https://dailycve.com/egavilan-media-egm-address-book-sql-injection-leak
Details:
The Egavilan Media EGM Address Book is a communication information management site (address book) coordinated in the United States by Egavilan Media.
Version 1.0 of the EGavilan Media EGM Address Book has a SQL injection flaw. This vulnerability…
Forwarded from UNDERCODE NEWS
🦑How to configure a host-based intrusion detection system on CentOS?
One of the first security measures that any system administrator wants to deploy on a production server is a mechanism to detect file tampering: criminals tamper with not only file content, but also file attributes.
AIDE (full name "Advanced Intrusion Detection Environment") is a host-based open source intrusion detection system. AIDE checks the integrity of system binary files and basic configuration files by looking for inconsistencies in many file attributes. These file attributes include permissions, file types, inodes, number of links, link names, users, user groups, file sizes, block count, modification time, access time, creation time, access control list (acl), SELinux security context, xattrs and md5/sha checksum.
AIDE builds a file attribute database by scanning the file system of an (untampered) Linux server. It then checks the file attributes of the server against the database and issues a warning if any of the indexed files have changed while the server is running. For this reason, whenever the system is updated or a configuration file is changed for legitimate reasons, AIDE must re-index the protected files.
For some customers, their security policy may require some kind of intrusion detection system (IDS) to be installed on the server. But whether the customer requires an IDS or not, it is good practice for system administrators to deploy one.
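The baseline-then-compare model described above, as an added example that is not part of the original post and is not AIDE's own code: a simplified shell sketch that records a few of the listed attributes per file and names which ones changed, so a permission-only change is reported even when the content hash is identical. It assumes GNU coreutils (stat -c, sha256sum) and paths without "|" or newlines; the function names are constructed.

```sh
#!/bin/sh
# Simplified illustration of the baseline-then-compare model; not AIDE itself.
# Assumes GNU coreutils (stat -c, sha256sum), as found on CentOS.

# snapshot DIR: one "path|mode|owner|group|size|sha256" record per regular file.
snapshot() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s|%s|%s\n' "$f" "$(stat -c '%a|%U|%G|%s' "$f")" \
            "$(sha256sum "$f" | cut -d' ' -f1)"
    done
}

# compare BASELINE CURRENT: print ADDED/REMOVED/CHANGED findings naming the
# attributes that differ; returns 1 if anything changed, 0 otherwise.
# BASELINE must be non-empty (it is read first and keyed by path).
compare() {
    awk -F'|' '
        BEGIN { split("mode owner group size sha256", name, " ") }
        NR == FNR { base[$1] = $0; next }
        { seen[$1] = 1
          if (!($1 in base)) { print "ADDED   " $1; bad = 1; next }
          if (base[$1] == $0) next
          split(base[$1], old, "|"); diff = ""
          for (i = 2; i <= 6; i++)
              if (old[i] != $i) diff = diff " " name[i - 1]
          print "CHANGED " $1 ":" diff; bad = 1 }
        END { for (p in base) if (!(p in seen)) { print "REMOVED " p; bad = 1 }
              exit bad + 0 }' "$1" "$2"
}
```

As with AIDE, the baseline has to be regenerated after every legitimate update, and it is only trustworthy if it is stored where an intruder on the host cannot rewrite it.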
Forwarded from DailyCVE
🔵A SQL injection vulnerability exists in the website of Chongqing Yishu Information Technology Co., Ltd. 2021-01-10
https://dailycve.com/sql-injection-vulnerability-exists-website-chongqing-yishu-information-technology-co-ltd2021-01-10
Details:
Chongqing Yishu Information Technology Co., Ltd. (abbreviation: Yishu Online, Chongqing Yishu) is devoted to the construction of the company website, the production of the Internet application infrastructure and the promotion of the network.…
Forwarded from DailyCVE
🔵Unauthorized access vulnerability exists in ThinkAdmin:
https://dailycve.com/unauthorized-access-vulnerability-exists-thinkadmin
Details:
Centered on the new ThinkPHP V6, open source using the most relaxed MIT protocol, ThinkAdmin is a background management system developed.
ThinkAdmin has an authentication flaw that is illegal. Bypass login vulnerabilities may be exploited by…
Forwarded from UNDERCODE NEWS
A significant number of cases of loss of external reference connections have been triggered by the Twitter ban on President Trump.
#International
Forwarded from UNDERCODE NEWS
New Apple Products: Guide To What's Coming Out in April?
#Technologies
Forwarded from UNDERCODE NEWS
Cisco issued an announcement to refute that it has met all the conditions for completing the acquisition of Acacia.
#Updates